Closed dminkovsky closed 8 months ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Apologies this one fell through the cracks, is this something you still need?
No worries! Nope, not right now. I can contribute this in the future if/when I need it, if it's a PR you'd be interested in.
At this point mostly interested in discussing the use-case and the solution as something similar to this could be used to escalate privileges, main difference is that your solution may or may not require an extra authentication step while escalating may (an example of what I mean is github's setting page, when they asked you to re-enter the password to perform some change).
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Custom claims are great, but you can only generate them based on the current user. Not the current refresh token, i.e. the user's current "session". I want to be able to generate claims based on the user's current session.
Example use-cases:
I would be down to make the PR. My proposed solution is adding another env var, say,
AUTH_JWT_CUSTOM_CLAIMS_REFRESH_TOKEN
that makes the query:Any session-based claims would supplement user-based claims. No existing functionality would be modified.